Effective cyber defense (i.e., the defense of an organization's information technology infrastructure against a variety of security breaches) is aided by the following kinds of information: i) information that permits accurate perception of the overall security state of the organization's information infrastructure; ii) comprehension of current and past security incidents and of their impact on the organization's overall mission or goals; and iii) projection of the effects, on the organization's overall mission or goals, of both unmitigated security incidents and the courses of action that may be taken to counteract those incidents. Comprehension of these and other types of information provides an organization's information analyst with what may be referred to as “situational awareness.”
Situational awareness does not come easily, especially in an area of expertise as new as information assurance. Currently available security tools are good at providing data, but they do not provide an integrated picture to the user. For example, the published PCT application with international publication number WO 00/05852 and a publication date of Feb. 3, 2000, discloses software programs designed for active or passive LAN/WAN monitoring and visual displays, but does not show an integrated visual display that allows the user to see the “big picture” of the infrastructure's security state. Likewise, U.S. Pat. No. 5,361,385 discloses software for displaying images in 3-D but does not show a visual display that would be useful to an information analyst.
Since visual representations are known to be generally useful in assisting in the comprehension of information, particularly if the information is complex or voluminous, there exists a need to apply visual representational techniques to facilitate situational awareness in cyber defense.